Amtrak Data Breach Exposes Over 2 Million Email Addresses in ShinyHunters Attack
Earlier this month, U.S. rail operator Amtrak fell victim to a data breach attributed to the cybercriminal group ShinyHunters, with the compromised data surfacing this week. The exposed dataset includes over 2 million email addresses, along with names, physical addresses, and customer support ticket details.
Approximately 80% of the leaked email addresses were already indexed in LinkedIn’s database, suggesting prior exposure in other breaches. The incident highlights the risks of overlapping personal data across platforms, as threat actors increasingly exploit aggregated information for targeted attacks.
ShinyHunters, known for large-scale data theft and leaks, has previously targeted organizations across sectors, selling or distributing stolen records on underground forums. The breach underscores the persistent threat posed by cybercriminal groups specializing in credential harvesting and identity-related fraud.
No official statement from Amtrak regarding the breach’s impact or mitigation efforts has been released at this time. The incident adds to a growing list of high-profile breaches in 2024, reinforcing concerns over data security in critical infrastructure and service providers.
Source: https://www.linkedin.com/feed/update/urn:li:activity:7450770790192660481
Amtrak cybersecurity rating report: https://www.rankiteo.com/company/amtrak
"id": "AMT1776407118",
"linkid": "amtrak",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Over 2 million',
'industry': 'Transportation',
'location': 'United States',
'name': 'Amtrak',
'type': 'Rail Operator'}],
'data_breach': {'number_of_records_exposed': 'Over 2 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Email addresses',
'Names',
'Physical addresses',
'Customer support ticket '
'details']},
'description': 'Earlier this month, U.S. rail operator Amtrak fell victim to '
'a data breach attributed to the cybercriminal group '
'ShinyHunters, with the compromised data surfacing this week. '
'The exposed dataset includes over 2 million email addresses, '
'along with names, physical addresses, and customer support '
'ticket details. Approximately 80% of the leaked email '
'addresses were already indexed in LinkedIn’s database, '
'suggesting prior exposure in other breaches. The incident '
'highlights the risks of overlapping personal data across '
'platforms, as threat actors increasingly exploit aggregated '
'information for targeted attacks.',
'impact': {'data_compromised': 'Over 2 million email addresses, names, '
'physical addresses, and customer support '
'ticket details',
'identity_theft_risk': 'High'},
'lessons_learned': 'The incident highlights the risks of overlapping personal '
'data across platforms, as threat actors increasingly '
'exploit aggregated information for targeted attacks.',
'motivation': 'Credential harvesting and identity-related fraud',
'references': [{'source': 'Cyber Incident Description'}],
'threat_actor': 'ShinyHunters',
'title': 'Amtrak Data Breach Exposes Over 2 Million Email Addresses in '
'ShinyHunters Attack',
'type': 'Data Breach'}